package com.kma.ncpractice2013.auth;

import com.kma.ncpractice2013.dao.UserDAO;
import com.kma.ncpractice2013.model.User;



import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import java.io.IOException;



/**
 * User: Viktor
 * Date: 10/13/13
 */
public class AccessFilter implements Filter
{
    public void destroy()
    {
    }

    public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain) throws ServletException, IOException
    {

        HttpServletRequest request = (HttpServletRequest) req;

        //PrintWriter out = resp.getWriter();
        HttpSession s = request.getSession(false);
	    UserDAO userDAO = new UserDAO();

		if (s!=null)
		{
			if (s.getAttribute("username") !=null)
			{
			User user = userDAO.getByLogin((String) s.getAttribute("username"));
			if (user!=null && user.getBlocked()==1)
			s.invalidate();         //logout banned users

			}
		}

        if ((request.getServletPath().contains("manager")) || (request.getServletPath().contains("/reports")))
        {


            if (s!=null)
            {
	            String isLoggedin = String.valueOf(s.getAttribute("auth"));
	            User u = (User)s.getAttribute("user");
	            String auth_level = String.valueOf(u.getAccessLevelId().getValue());
                if(isLoggedin!=null && isLoggedin.equals("true") && auth_level.equals(String.valueOf(User.AccessLevel.manager.getValue())))
                {

                    chain.doFilter(req, resp);
                }
                else
                {
	                HttpServletResponse response = (HttpServletResponse) resp;

	                response.sendError(HttpServletResponse.SC_FORBIDDEN);
                }

            }
        }
	    else
	    if ((request.getServletPath().contains("admin")))
	    {


		    if (s!=null)
		    {
			    String isLoggedin = String.valueOf(s.getAttribute("auth"));
			    User u = (User)s.getAttribute("user");
			    String auth_level = String.valueOf(u.getAccessLevelId().getValue());
			    if(isLoggedin!=null && isLoggedin.equals("true") && auth_level.equals(String.valueOf(User.AccessLevel.administrator.getValue())))
			    {

				    chain.doFilter(req, resp);
			    }
			    else
			    {
				    HttpServletResponse response = (HttpServletResponse) resp;
				    response.sendError(HttpServletResponse.SC_FORBIDDEN);

			    }

		    }
	    }
		else
	    if ((request.getServletPath().contains("user")))
	    {


		    if (s!=null)
		    {
			    String isLoggedin = String.valueOf(s.getAttribute("auth"));
			    User u = (User)s.getAttribute("user");
			    String auth_level = String.valueOf(u.getAccessLevelId().getValue());
			    if(isLoggedin!=null && isLoggedin.equals("true") && Integer.parseInt(auth_level)>=(User.AccessLevel.registeredCustomer.getValue()))
			    {

				    chain.doFilter(req, resp);
			    }
			    else
			    {
				    HttpServletResponse response = (HttpServletResponse) resp;

				    response.sendError(HttpServletResponse.SC_FORBIDDEN);
			    }

		    }
	    }
		else chain.doFilter(req, resp);

    }

    public void init(FilterConfig config) throws ServletException
    {

    }

}
